Vladimír čunát via Nix community nixos1@discoursemail.com writes:
That way the password would end up in plaintext in the world-readable
*.drvfile as well… EDIT: at least unless the hashing were purely evaluation-time thing, but I’m not sure about suitability of such an approach.
I think it would make sense as a follow-up to [RFC 0005] Nix encryption by edolstra · Pull Request #5 · NixOS/rfcs · GitHub